Introduction to Email Server Security:

Email Server Security - Process Street

This Process Street email server security checklist is engineered to help you set up an email server and to do so with the highest levels of security.

An email server is a vital part of any company's infrastructure and it would be very difficult to be a successful business without one. However, as a result of phishing attacks and a range of other dangerous practices, emails and the networks they operate on present a potential point of entry to crackers looking to exploit the vulnerabilities of your system.

In this checklist, we try to cover as many security steps as we can in order to give you as many defensive options as possible. Some of these steps are technical in nature, such as enabling DKIM or DMARC. However, human error is one of the greatest threats to any network.

Each employee is a trojan horse waiting to happen. As a result, we have also included steps for you to make sure that employees throughout the company are trained in basic security practices. At the very least, we hope to see them use strong passwords.

This Process Street template is fully editable and you can adapt it to suit your personal needs. There may be steps you feel are overkill and want to remove, or you may have further steps you want to add in which you feel we've missed. You can edit the template to change tasks or the content of tasks as you wish.

Throughout this checklist, you will find opportunities to add information into form fields. The information entered here is stored within the template overview tab each time a checklist is run. This allows you to review what occurred in each process over time. You can export this data to a CSV file if you wish to keep your own copy.

If you want to know more about email server security check out the video below:

Email Security: How Secure Email Works in the Cloud - BlazeVideo

Record checklist details

Use the form fields below to record information relevant to the process.

Who is setting up the server?

For what reason is the email server being created?

What date will the secure server be live?

Enable SPF to prevent forgery

SPF or Sender Policy Framework (SPF) is a security mechanism created to prevent other people from sending emails on your behalf.

SPF works by allowing DNS servers to communicate with each other to check authorized IPs. This stops someone else sending mail from your network while working from a different IP.

If you were using Google to send your mail, you could find their recommended steps for setting this up here.

Make emails trustworthy by enabling DKIM

DKIM or DomainKeys Identified Mail is similar to SPF.

This works by creating two keys, a public one and a private one. These are encrypted signatures in the header of your email which demonstrate the sender is really you.

The receiver then takes the public key and checks your DNS records with it in order to be able to encrypt the private key. This is how they know whether it is a legitimate email or not.

You can normally enable the public key from your email provider's admin console. For Google users, there's this set of instructions for reference.

Once you have the public key, you can add the generated txt record to your DNS records and then turn on email signing within your provider.

Enable DMARC

DMARC or Domain-based Message Authentication Reporting and Conformance is a further level of security which requires you already have SPF and DKIM enabled.